package com.qf.lw.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class AuthFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }
    String noauthstr=".jsp.js.css.font.html.jpg.jepg.png";
    String noauthpath="/login/regiest";
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

        HttpServletRequest request= (HttpServletRequest) servletRequest;
        HttpServletResponse response= (HttpServletResponse) servletResponse;

        String path=request.getServletPath();//我们请求的地址
         if(path.lastIndexOf(".")>-1){//当前的请求是xx.xx
             String suf=path.substring(path.lastIndexOf("."));//截取到请求的后缀
             if(noauthstr.indexOf(suf)>-1){//不需要进行权限验证的i请求
                 filterChain.doFilter(request,response);
                 return;
             }
         }
         if (noauthpath.indexOf(path)>-1){//不需要进行权限验证的请求
             filterChain.doFilter(request,response);
             return;
         }
         //判断当前用户是否有权限执行这个请求地址
        Object obj=request.getSession().getAttribute("authstring");
         if(null==obj){
             response.sendRedirect("login.jsp");//重定向
         }
         String auths=String.valueOf(obj);
         if(auths.indexOf(path)>-1){//找到这个权限
             filterChain.doFilter(request,response);
         }else {
             response.sendRedirect("noauth.jsp");
         }

    }

    @Override
    public void destroy() {

    }
}
